Cisco Systems OL-12172-01 manual Unsupported Features in Transparent Mode, 15-10

Page 10

Chapter 15 Firewall Mode Overview

Transparent Mode Overview

In single mode, you can only use two data interfaces (and the dedicated management interface, if available) even if your security appliance includes more than two interfaces.

Each directly connected network must be on the same subnet.

Do not specify the security appliance management IP address as the default gateway for connected devices; devices need to specify the router on the other side of the security appliance as the default gateway.

For multiple context mode, each context must use different interfaces; you cannot share an interface across contexts.

For multiple context mode, each context typically uses a different subnet. You can use overlapping subnets, but your network topology requires router and NAT configuration to make it possible from a routing standpoint.

Unsupported Features in Transparent Mode

Table 15-1lists the features are not supported in transparent mode.

Table 15-1 Unsupported Features in Transparent Mode

Feature

Description

 

 

Dynamic DNS

 

 

DHCP relay

The transparent firewall can act as a DHCP server, but it does not

 

support the DHCP relay commands. DHCP relay is not required

 

because you can allow DHCP traffic to pass through using two

 

extended access lists: one that allows DCHP requests from the inside

 

interface to the outside, and one that allows the replies from the server

 

in the other direction.

 

 

Dynamic routing protocols

You can, however, add static routes for traffic originating on the

 

security appliance. You can also allow dynamic routing protocols

 

through the security appliance using an extended access list.

 

 

IPv6

You also cannot allow IPv6 using an EtherType access list.

 

 

Multicast

You can allow multicast traffic through the security appliance by

 

allowing it in an extended access list.

 

 

QoS

 

 

VPN termination for through

The transparent firewall supports site-to-site VPN tunnels for

traffic

management connections only. It does not terminate VPN connections

 

for traffic through the security appliance. You can pass VPN traffic

 

through the security appliance using an extended access list, but it

 

does not terminate non-management connections. WebVPN is also not

 

supported.

 

 

 

Cisco Security Appliance Command Line Configuration Guide

15-10

OL-12172-01

Image 10
Contents IP Routing Support 15-1An Inside User Visits a Web Server 15-2An Outside User Visits a Web Server on the DMZ 15-3An Inside User Visits a Web Server on the DMZ 15-4An Outside User Attempts to Access an Inside Host 15-5DMZ User Attempts to Access an Inside Host 15-6Allowed MAC Addresses Transparent Firewall NetworkAllowing Layer 3 Traffic 15-7MAC Address vs. Route Lookups Passing Traffic Not Allowed in Routed Mode15-8 Transparent Firewall Guidelines Using the Transparent Firewall in Your Network15-9 Unsupported Features in Transparent Mode 15-10How Data Moves Through the Transparent Firewall 15-118shows an inside user accessing an outside web server 15-12An Inside User Visits a Web Server Using NAT 15-13An Outside User Visits a Web Server on the Inside Network 15-1415-15 11 Outside to Inside15-16

OL-12172-01 specifications

Cisco Systems OL-12172-01 is a pivotal component in the landscape of networking and telecommunications, particularly catering to the needs of businesses seeking robust and efficient networking solutions. This particular offering is part of Cisco's ongoing commitment to providing advanced networking technologies that enhance connectivity, security, and overall operational efficiency.

One of the main features of Cisco OL-12172-01 is its capability to support enterprise networking environments through highly scalable and flexible architecture. The device is designed to address the growing demands for bandwidth and connectivity in corporate networks, enabling seamless communication and data exchange among various devices and applications. With support for high-speed Ethernet connections, the OL-12172-01 can significantly improve the performance of network operations, ensuring minimal downtime and optimal user experiences.

Security is a hallmark of the Cisco OL-12172-01. The device comes equipped with advanced security protocols that protect sensitive data and mitigate the risks associated with network vulnerabilities. Features such as integrated firewall capabilities, Virtual Private Network (VPN) support, and intrusion prevention systems are vital in safeguarding corporate information against cyber threats. This ensures that businesses can operate confidently in a digital landscape laden with potential risks.

Another significant aspect of the OL-12172-01 is its compatibility with various Cisco technologies, enhancing its versatility. It integrates seamlessly with Cisco’s Software-Defined Networking (SDN) solutions, allowing for dynamic network management and automation. This adaptability means businesses can respond quickly to changing network demands and efficiently manage resources without incurring excessive costs.

The OL-12172-01 also boasts comprehensive management and monitoring tools. Through Cisco's management software, network administrators can easily configure, monitor, and troubleshoot their networks. These tools provide insight into network performance metrics, enabling proactive measures to ensure optimal functionality.

In summary, Cisco Systems OL-12172-01 is a feature-rich device designed for modern enterprise networking. With advanced security measures, high-speed connectivity, and compatibility with cutting-edge technologies, it empowers businesses to optimize their network infrastructure while maintaining high levels of protection. As organizations continue to evolve their IT landscapes, the OL-12172-01 remains a reliable solution for enhancing operational efficiency and safeguarding essential data.